/**
 * Returns the token's {@code sub} claim.
 *
 * @return whatever {@code claims.getSubject()} yields for this token
 * @throws SecurityException if the claim cannot be read; wraps the checked
 *         {@code MalformedClaimException} so callers need no try/catch
 */
public String getSubject() {
    final String subject;
    try {
        subject = claims.getSubject();
    } catch (MalformedClaimException malformed) {
        // Convert the checked library exception into an unchecked one, keeping the cause.
        throw new SecurityException(malformed);
    }
    return subject;
}
/**
 * Checks the {@code sub} claim against this validator's configuration.
 *
 * @param jwtContext the token whose claims are inspected
 * @return {@code MISSING_SUB} when the claim is absent and a subject is required;
 *         a {@code SUBJECT_INVALID} error when an expected subject is configured and
 *         the claim differs from it (a null claim also counts as a mismatch);
 *         otherwise {@code null}, meaning "no error"
 * @throws MalformedClaimException if the sub claim cannot be read
 */
@Override
public Error validate(JwtContext jwtContext) throws MalformedClaimException {
    final JwtClaims jwtClaims = jwtContext.getJwtClaims();
    final String subject = jwtClaims.getSubject();

    // An absent subject is only an error when the validator was told to require one.
    final boolean absent = subject == null;
    if (absent && requireSubject) {
        return MISSING_SUB;
    }

    // With an expected subject configured, anything else (including null) is rejected.
    final boolean mismatch = expectedSubject != null && !expectedSubject.equals(subject);
    if (mismatch) {
        // Note: the message echoes the token-supplied value alongside the expected one.
        final String msg = "Subject (sub) claim value (" + subject + ") doesn't match expected value of " + expectedSubject;
        return new Error(ErrorCodes.SUBJECT_INVALID, msg);
    }
    return null;
}
}
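/**
 * Validates an existing {@link User} once their corresponding JWT's signature has been verified.
 * i.e. this method is called after signature verification.
 *
 * //TODO potentially blacklist tokens here until their expiry if a user has
 * //TODO logged out &or changed her password.
 *
 * @param jwtContext the already-verified token and its claims
 * @return the user whose email matches the token's {@code sub} claim; empty when the
 *         token is expired, carries no usable subject, its claims cannot be read, or
 *         no such user exists
 * @throws AuthenticationException as declared by the overridden method; may propagate
 *         from {@code userDao} — confirm against the DAO contract
 */
@Override
public Optional<User> authenticate(JwtContext jwtContext) throws AuthenticationException {
    try {
        if (TokenGenerator.isExpired(jwtContext)) {
            return Optional.empty();
        }
        String subject = jwtContext.getJwtClaims().getSubject();
        // A token without a usable sub claim names nobody: never hand a null/blank
        // key to the DAO lookup.
        if (subject == null || subject.trim().isEmpty()) {
            return Optional.empty();
        }
        User u = userDao.findByEmail(subject);
        return Optional.ofNullable(u);
    } catch (MalformedClaimException e) {
        // Unreadable claims are treated as "not authenticated", not as a failure.
        return Optional.empty();
    }
}
}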
return null; if (StringUtils.isBlank(claims.getSubject())) { LOGGER.error("Token has no subject identifier"); return null; return claims.getSubject(); } catch (final Exception e) { LOGGER.error(e.getMessage(), e);
/**
 * Extract the subject information
 *
 * @param jwt
 *            the token to use
 * @return the subject, never returns {@code null}
 * @throws ShiroException
 *             in case the subject could not be extracted
 */
private String extractExternalId(String jwt) {
    final String subject;
    try {
        // jwtProcessor is expected to have verified the token before its claims are
        // read — confirm its configuration; any failure (checked or runtime) is
        // wrapped with its cause preserved.
        final JwtContext ctx = jwtProcessor.process(jwt);
        subject = ctx.getJwtClaims().getSubject();
    } catch (final Exception e) {
        throw new ShiroException("Failed to parse JWT", e);
    }
    final boolean missing = subject == null || subject.isEmpty();
    if (missing) {
        throw new ShiroException("'subject' missing on JWT");
    }
    return subject;
}
/**
 * Extract the subject information
 *
 * @param jwt
 *            the token to use
 * @return the subject, never returns {@code null}
 * @throws ShiroException
 *             in case the subject could not be extracted
 */
private String extractExternalId(String jwt) {
    final String sub;
    try {
        // Both parsing and reading the claim happen here so every failure, checked or
        // runtime, is reported as a single ShiroException with its cause attached.
        sub = jwtProcessor.process(jwt).getJwtClaims().getSubject();
    } catch (final Exception parseFailure) {
        throw new ShiroException("Failed to parse JWT", parseFailure);
    }
    if (sub == null || sub.isEmpty()) {
        throw new ShiroException("'subject' missing on JWT");
    }
    return sub;
}
/**
 * Decrypts a compact JWE token and turns its claims into a {@link User}.
 *
 * @param jwe the decryptor to use; its key/algorithm setup is not visible here
 * @param token the compact serialization to parse
 * @param tokenEnsureTime when positive, the number of seconds the token's {@code exp}
 *        must still lie in the future
 * @return the user built from the {@code sub}, {@code name}, {@code email} and
 *         {@code external} claims; the anonymous user when {@code sub} is absent;
 *         {@code null} when the token cannot be parsed, has no/insufficient {@code exp},
 *         or has no {@code nbf} or one that is still in the future
 */
@Nullable
public static User parseToken(@NotNull JsonWebEncryption jwe, @NotNull String token, int tokenEnsureTime) {
    try {
        jwe.setCompactSerialization(token);
        final JwtClaims claims = JwtClaims.parse(jwe.getPayload());

        final NumericDate now = NumericDate.now();
        // Earliest acceptable expiry: now, pushed forward by tokenEnsureTime when set.
        final NumericDate minimumExpiry = NumericDate.fromMilliseconds(now.getValueInMillis());
        if (tokenEnsureTime > 0) {
            minimumExpiry.addSeconds(tokenEnsureTime);
        }

        final NumericDate exp = claims.getExpirationTime();
        if (exp == null || exp.isBefore(minimumExpiry)) {
            return null;
        }
        // nbf is mandatory here: a token without one is rejected, not accepted.
        final NumericDate nbf = claims.getNotBefore();
        if (nbf == null || nbf.isAfter(now)) {
            return null;
        }

        // A token that carries no sub maps to the anonymous user rather than to a failure.
        final String subject = claims.getSubject();
        if (subject == null) {
            return User.getAnonymous();
        }
        return User.create(
            subject,
            claims.getClaimValue("name", String.class),
            claims.getClaimValue("email", String.class),
            claims.getClaimValue("external", String.class));
    } catch (JoseException | MalformedClaimException | InvalidJwtException e) {
        log.warn("Token parsing error: " + e.getMessage());
        return null;
    }
}
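/**
 * Authenticates a bearer token and builds the corresponding {@link HobsonUser}.
 *
 * @param token the compact JWT; what {@code jwtConsumer} verifies (signature, issuer,
 *        audience, ...) depends on its configuration, which is not visible here
 * @return the user described by the token's {@code sub}, name, {@code realm_access.roles}
 *         and {@code hubs} claims
 * @throws HobsonAuthenticationException if the token has no or a passed {@code exp}
 *         claim, or if processing or reading the claims fails for any other reason
 */
@Override
public HobsonUser authenticate(String token) throws HobsonAuthenticationException {
    try {
        // extract the claims from the token
        JwtClaims claims = jwtConsumer.processToClaims(token);

        // make sure the token carries an expiry and hasn't passed it; a missing "exp"
        // used to surface only as a NullPointerException via the catch-all below
        NumericDate expiration = claims.getExpirationTime();
        if (expiration == null) {
            throw new HobsonAuthenticationException("Token has no expiration time");
        }
        if (!expiration.isAfter(NumericDate.now())) {
            throw new HobsonAuthenticationException("Token has expired");
        }

        List<String> roles = null;
        Map<?, ?> realmAccess = claims.getClaimValue("realm_access", Map.class);
        if (realmAccess != null && realmAccess.containsKey("roles")) {
            @SuppressWarnings("unchecked") // JSON array of strings in the token; a non-list value fails here and the token is rejected
            List<String> claimedRoles = (List<String>) realmAccess.get("roles");
            roles = claimedRoles;
        }

        return new HobsonUser.Builder(claims.getSubject())
            .givenName(claims.getStringClaimValue(PROP_FIRST_NAME))
            .familyName(claims.getStringClaimValue(PROP_LAST_NAME))
            .roles(roles != null ? roles : new ArrayList<String>())
            .hubs(Collections.singletonList(claims.getClaimValue("hubs", String.class)))
            .build();
    } catch (HobsonAuthenticationException e) {
        // keep the specific message instead of re-wrapping it in the generic one below
        throw e;
    } catch (Exception e) {
        throw new HobsonAuthenticationException("Error validating bearer token: " + e.getMessage());
    }
}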
// "sub" claim of the token held by context; NOTE(review): the claims accessor may
// return null when the claim is absent — confirm against the JWT library in use
String subject = context.getJwtClaims().getSubject();
name = claimsSet.getClaimValue("preferred_username", String.class); if (name == null) { name = claimsSet.getSubject();
principalName = claimsSet.getClaimValue("preferred_username", String.class); if (principalName == null) { principalName = claimsSet.getSubject();
principalName = claimsSet.getClaimValue("preferred_username", String.class); if (principalName == null) { principalName = claimsSet.getSubject();